Apparatus and method for automated privacy protection in distributed images

ABSTRACT

A method executed by a computer includes receiving an image from a client device. A facial recognition technique is executed against an individual face within the image to obtain a recognized face. Privacy rules are applied to the image, where the privacy rules are associated with privacy settings for a user associated with the recognized face. A privacy protected version of the image is distributed, where the privacy protected version of the image has an altered image feature.

CROSS-REFERENCE TO RELATED INVENTION

This application is a continuation of U.S. patent application Ser. No. 15/729,582, filed on Oct. 10, 2017, which is a continuation of and claims benefit of U.S. patent application Ser. No. 15/212,095 filed Jul. 15, 2016, now U.S. Pat. No. 9,785,796 which is a continuation of U.S. patent application Ser. No. 14/723,400 filed May 27, 2015, now U.S. Pat. No. 9,396,354 which claims priority to U.S. Provisional Patent Application Ser. No. 62/004,168, filed May 28, 2014, the contents of which are incorporated herein by reference.

FIELD OF THE INVENTION

This invention relates generally to digital images (e.g., digital photographs and videos). More particularly, this invention relates to techniques for automated privacy protection in distributed images.

BACKGROUND OF THE INVENTION

The ubiquity of digital equipment, such as smartphones and wearable technology, has created privacy concerns. In particular, large numbers of individuals are in a position to take and distribute images of another individual without the consent of the photographed or videoed individual. Accordingly, it would be desirable to provide techniques for automated privacy protection in digital image distribution.

SUMMARY OF THE INVENTION

A method executed by a computer includes receiving an image from a client device. A facial recognition technique is executed against an individual face within the image to obtain a recognized face. Privacy rules are applied to the image, where the privacy rules are associated with privacy settings for a user associated with the recognized face. A privacy protected version of the image is distributed, where the privacy protected version of the image has an altered image feature.

BRIEF DESCRIPTION OF THE FIGURES

The invention is more fully appreciated in connection with the following detailed description taken in conjunction with the accompanying drawings, in which:

FIG. 1 illustrates a system configured in accordance with an embodiment of the invention.

FIG. 2 illustrates processing operations associated with an embodiment of the invention.

FIG. 3 illustrates components of an electronic device utilized in accordance with the invention.

FIG. 4 illustrates processing operations associated with an embodiment of the invention.

FIG. 5 illustrates an electronic device for capturing and augmenting an ephemeral message.

FIG. 6 illustrates an ephemeral message destination routing interface that may be used in accordance with an embodiment of the invention.

FIG. 7 illustrates ephemeral gallery processing operations associated with an embodiment of the invention.

FIG. 8 illustrates an ephemeral gallery data structure associated with an embodiment of the invention.

FIG. 9 illustrates ephemeral gallery indicia associated with an embodiment of the invention.

FIG. 10 illustrates ephemeral gallery indicia associated with another embodiment of the invention.

FIG. 11 illustrates operations performed in response to an ephemeral gallery view request.

FIG. 12 illustrates an account administration interface to establish an ephemeral gallery that receives ephemeral messages from multiple users.

Like reference numerals refer to corresponding parts throughout the several views of the drawings.

DETAILED DESCRIPTION OF THE INVENTION

FIG. 1 illustrates a system 100 configured in accordance with an embodiment of the invention. The system includes a set of client devices 102_1 through 102_N connected to a server 104 via a network 106, which may be any wired and/or wireless network. Each client device 102 includes standard components, such as a central processing unit 110 and input/output devices 112 connected via a bus 114. The input/output devices 112 may include a touch display, a keyboard, camera, individual input buttons and the like associated with a smartphone or wearable technology (e.g., eye glasses or a watch with processing power and a wireless network communication module). A network interface circuit 116 is also connected to the bus 114 to provide connectivity to network 106. A memory 120 is also connected to the bus 114. The memory 120 stores a client module 122 with executable instructions to implement image capture and distribution operations. In particular, the client module 122 coordinates image capture operations and communicates with server 104, which coordinates image distribution operations. The image may be a digital photograph or video.

The server 104 also includes standard components, such as a central processing unit 130, a bus 132, input/output devices 134 and a network interface circuit 136. A memory 140 is also connected to the bus 132. The memory 140 stores a privacy protection module 142, which includes executable instructions to implement operations of the invention, as discussed in connection with FIG. 2. The memory 140 also stores an ephemeral gallery module 144, which will be discussed below.

As shown in FIG. 2, a client device 102_1 executing a client module 122 takes an image 200. The client module 122 coordinates the delivery of the image to the server 104. The server 104 receives the image. The server 104 may also receive an image from another service, such as a gallery of photographs or videos. The privacy protection module 142 executes facial recognition 202 for any faces present in the image. Automated facial recognition techniques in images are known in the art. In one embodiment, the privacy protection module 142 processes a set of images of a user and generates a facial signature that is associated with a user name. Facial signatures and associated user names may be maintained for all users within a photograph sharing or video sharing application. These operations may be performed on server 104. Alternately, the privacy protection module 142 coordinates calls to another networked server (not shown), which provides facial recognition services.

The next processing operation of FIG. 2 is to apply privacy rules 204. The privacy rules are associated with privacy settings for a user associated with a recognized face. For example, the privacy rules and/or privacy settings may specify that a facial image of user A may only be distributed from images taken by user A's device. Another rule may specify that images that include A's face may only be distributed from or to devices or accounts previously approved by A. For example, only usernames identified by user A may be allowed to distribute images that include user A (without the application of privacy rules). Similarly, images that include A's face may be distributed, without the privacy rules, to previously approved accounts or devices. Another rule may specify that a facial image of user B may only be distributed to friends in user B's social network. Another rule may specify that permission be obtained to distribute an image of a user that has privacy settings blocking such image distribution. For example, the privacy protection module 142 may automatically send a message on behalf of the user taking the image that seeks permission from the user that has privacy settings blocking such image distribution. The message may include the image and information on the user that took the image. Passwords or codes may be required for access to the image. That is, the viewer or message recipient may be required to obtain a password or code from the person in the image. In yet another embodiment, before being able to receive an image, the recipient may be prompted to send a request to the subject (i.e., the person in the picture) for permission to view the image. In response, a message is transmitted to the subject indicating that the recipient has requested access to view the image. The subject may then grant or deny access.

The final processing operation of FIG. 2 is to distribute or block privacy images 206 to various client devices, such as client 102_2 through 102_N. The privacy protected images have an altered image feature. The altered image feature may be a blurring of the facial image of a user that has requested privacy protection. Alternately, an emoticon, icon or brand may be placed over the face of the user that has requested privacy protection. The altered image may include a complete blocking of the face and body of the protected individual that has specified such privacy settings. Another embodiment restricts transmission or receipt of the privacy protected image (as opposed to transmitting or receiving a blurred image).

The privacy protected image may also be saved in a privacy protected format. In this case, the client 102_1 can only access a privacy protected image. Thus, if the user of client 102_1 has taken an image of an individual with privacy settings limiting which users can see such an image and such users do not include the user of client 102_1, then the user of client 102_1 only has access to a privacy protected format. This limits the user of client 102_1, but it allows individuals with privacy settings to control how other users capture them.

In an alternate embodiment, the facial recognition operation is used not for privacy purposes, but for enhancing the digital photograph in some specified manner. For example, the facial recognition operation may be used to add content, such as a sticker, text or an advertisement, which do not necessarily protect privacy or hide identity, but do provide an enhanced image.

In one embodiment, the image is ephemeral. That is, the image is configured for purposeful, and automatic, deletion after a certain period of time or after a certain action has been taken, such as viewing the image once. Thus, in these embodiments, privacy protected ephemeral images may be transmitted and distributed via any manner of communication, including, e.g., chat and other mobile application client, instant messenger, email, text/SMS, etc. The criteria for deleting the image are typically set by the individual taking the image. However, default criteria may be used (e.g., a single five second viewing period available for a twenty-four hour period).

The ephemeral images may be combined in an ephemeral gallery curated by the ephemeral gallery module 144. FIG. 3 illustrates an electronic device 300. In one embodiment, the electronic device 300 is a smartphone with a processor 302 in communication with a memory 304. The processor 302 may be a central processing unit and/or a graphics processing unit. The memory 304 is a combination of flash memory and random access memory. The memory 304 stores an ephemeral message controller 306 to implement operations of the invention. The ephemeral message controller 306 may include executable instructions to access a server which coordinates operations disclosed herein. Alternately, the ephemeral message controller 306 may include executable instructions to coordinate some of the operations disclosed herein, while the server implements other operations.

The display time for the ephemeral message is typically set by the message sender. However, the display time may be a default setting or a setting specified by the recipient. Regardless of the setting technique, the message is transitory (i.e., the message is deleted or otherwise made inaccessible after a certain period of time or after a certain action has been taken).

The processor 302 is also coupled to image sensors 315. The image sensors 315 may be known digital image sensors, such as charge coupled devices. The image sensors capture visual media, which is presented on display 316.

A touch controller 318 is connected to the display 316 and the processor 302. The touch controller 318 is responsive to haptic signals applied to the display 316. In one embodiment, the ephemeral message controller 306 monitors signals from the touch controller 318. If haptic contact is observed by the touch controller 318 in connection with indicia of an ephemeral gallery, then the ephemeral gallery is displayed to the user as a sequence of ephemeral messages.

The electronic device 300 may also include other components commonly associated with a smartphone, such as a wireless signal processor 320 to provide connectivity to a wireless network. A power control circuit 322 and a global positioning system processor 324 may also be utilized. While many of the components of FIG. 3 are known in the art, new functionality is achieved through the ephemeral message controller 306 operating in conjunction with a server (e.g., server 104).

FIG. 4 illustrates processing operations associated with the ephemeral message controller 306. Initially, an ephemeral message is captured 400. FIG. 5 illustrates electronic device 300 and touch display 316 with a photograph 500 operative as an ephemeral message.

The next processing operation of FIG. 4 is to determine whether to alter a timer or a message duration parameter 402. FIG. 5 illustrates an example of indicia 502 of a message duration parameter. In this example, the indicion indicates a default of 5 seconds as the message duration parameter. If the indicia is engaged (e.g., through haptic contact), then a prompt may be supplied for a new message duration parameter (e.g., 10 seconds). Such activity (402—Yes) results in the acceptance of the new timer value 404. If a new timer value is specified or no alteration of a timer transpires (402—No) control proceeds to block 406. The user may be prompted to augment the ephemeral message. As shown in FIG. 5, a drawing tool 504 may be supplied to allow a user to add a hand drawn message. The drawing tool 504 may be manipulated by haptic contact to enter a message or annotation of visual media. Alternately or in addition, a keyboard may be used to type augment a message. For example, a tap on the touch display 316 may result in a keyboard being displayed, which allows a user to enter a typed message.

As shown in FIG. 4, annotations may be accepted 408 in this manner. Augmentation may also be in the form of photograph filters. That is, photograph filters may be accepted 410. For example, a first right-to-left swipe motion on the touch display 316 may drag a first filter on top of the photograph. A second right-to-left swipe motion on the touch display 316 may drag a second filter on top of the photograph. Filter processing of this type is described in commonly owned U.S. Ser. No. 14/325,270, filed Jul. 7, 2014, the contents of which are incorporated herein by reference.

The next operation of FIG. 4 is to accept destinations 412. As more fully described below, a destination may be used to identify intended recipients of a message or a location or “gallery” where one or more messages may be accessed. FIG. 5 illustrates an icon 506 to invoke a destination list. Haptic contact on the icon may result in a destination list of the type shown in FIG. 6. FIG. 6 illustrates an electronic device 300 displaying a destination list. The destination list may include a destination of “My Story” 602, where “My Story” is a reference to an ephemeral gallery of ephemeral messages. The destination list may also include friends or contacts section 604 listing various friends that may be ephemeral message recipients. Haptic contact with a box 606 associated with a listed individual or story places the corresponding individual or story on a destination list.

Returning to FIG. 4, after the destination list is specified, the ephemeral message is sent to the specified destinations 414. For example, the ephemeral message is sent to friends selected from section 604, if any. A check is also made to determine whether the message should be posted to an ephemeral gallery 416. If not (416—No), processing is completed. If so (416—Yes), the processing of FIG. 7 is performed 420. Thus, it is possible to send a message to one or more friends and/or post to an ephemeral gallery.

The ephemeral gallery module 144 may include instructions to coordinate the processing operations of FIG. 4. These operations may be controlled by the ephemeral gallery module 144 or they may be performed in conjunction with selective operations performed by the ephemeral message controller 306.

FIG. 7 illustrates ephemeral gallery module 144 operations performed in accordance with an embodiment of the invention. The first operation of FIG. 7 is to determine whether a new gallery is needed 700. As discussed in connection with FIG. 6, designating “My Story” 602 as a message recipient results in a post of an ephemeral message to an ephemeral gallery. If a gallery does not exist (700—Yes), then a new gallery is created 702. Alternately, if a gallery does exist and a user wants to create a new gallery, then the new gallery is created 702. The user may be supplied a prompt to indicate whether an existing gallery should be used or a new gallery should be designated.

The message is then posted in the gallery with a gallery participation parameter 706. The gallery participation parameter is an ephemeral period of time that the ephemeral message will continue to exist in the gallery. For example, a first ephemeral message posted to the gallery may have a default gallery participation parameter of 24 hours. In other instances, the gallery participation parameter may be set by a user. The gallery participation parameter value decreases with the passage of time. Thus, in this embodiment, an ephemeral message gallery subsists for as long as the gallery participation parameter of the last message posed to the gallery.

In another embodiment, a gallery timer may be assigned to a gallery by a user. The gallery timer may be used to establish a lifespan of an associated gallery and messages posted to this gallery subsist for no longer than the life of the gallery. Thus, in some embodiments, all messages posted to such a gallery will subsist for the duration of the life of the gallery (regardless of posting time). In other embodiments, messages may be submitted with a gallery participation parameter. In these embodiments, messages expire and become inaccessible at the earlier of the gallery participation parameter or the remaining life of the gallery.

The next processing operation of FIG. 7 is to post activity indicia 708. Examples of activity indicia are provided below. A check is then made to determine whether there is an expired participation parameter 710. If so (710—Yes), the ephemeral message associated with the expired participation parameter is removed from the ephemeral gallery 714. If as a result of this removed message the gallery is empty (716—Yes), then the ephemeral gallery ephemeral gallery terminates and indicia of the gallery is removed 718. If the gallery is not empty (716—No), a check is made for a new message 712. If a new message exists (712—Yes), then processing returns to block 706. If a new message does not exist (712—No), then processing returns to block 710. If an expired participation parameter does not exist (710—No), then a check is made once again for a new message 712.

FIG. 8 illustrates a data structure for an ephemeral message gallery. A first column 800 may have a list of messages. Another column 802 may have a list of message duration parameters for individual messages. Another column 804 may have a list of gallery participation parameters for individual messages. Observe in this example that the values in column 802 add up to 30 seconds. Thus, the ephemeral message gallery in this example has four messages that will take 30 seconds to display. Further observe that the oldest message (Message_1) is displayed first and will be removed in 120 minutes. In this example, the newest message (Message_4) will remain in the ephemeral gallery for 1320 minutes at which point the ephemeral gallery will expire, unless another message is posted. The arrival of a new message alters the gallery timer, but does not alter gallery participation parameters.

FIG. 9 illustrates an interface 900 with a section 902 that designates available ephemeral message galleries (stories) and a section 904 with a listing of friends (available destinations for an ephemeral message). Observe that section 902 has indicia of ephemeral message gallery activity. FIG. 9 provides example indicia of the time that the last message was posted to the ephemeral message gallery. FIG. 9 also provides example graphical indicia of the amount of time remaining for an ephemeral message gallery. Observe that the first entry was posted 20 minutes ago and therefore has a full circle indicative of the time remaining for that ephemeral message gallery. On the other hand, the third entry was posted 12 hours ago and has approximately half a circle to indicate the time remaining for that ephemeral message gallery. This example contemplates a 24 hour period for an ephemeral message gallery. Naturally, other time periods may be utilized in accordance with embodiments of the invention.

FIG. 10 illustrates an interface 1000 with information on a user's stories. Individual stories 1002 have indicia of the amount of time remaining. Indicium 1004 of the number of ephemeral gallery views is also provided. Indicium 1006 of screenshots taken of an ephemeral message is also provided. This information is significant since the intent of the message was that it be ephemeral. If a message recipient overrides this intent by taking a screen shot, then the message sender is advised.

FIG. 11 illustrates processing operations performed by the ephemeral gallery module 144 in response to a request for an ephemeral message gallery. As shown in FIG. 6, a user receives a list of 602 of available stories. Haptic contact with indicia of a story is operative as a request to view an ephemeral message gallery.

The first operation in FIG. 11 is to display the next message in the gallery 1100. In the example of FIG. 8, the oldest message is the first message to be displayed. A message timer is then started 1102. The message timer expires at the end of the message duration parameter for the displayed ephemeral message. In the example of FIG. 8, the first message (Message_1) is displayed for 10 seconds. Block 1104 checks for the timer to expire. Upon expiration of the timer (1104—Yes), a check is made to determine if the gallery is empty 1106. If so (1106—Yes), processing is completed 1108. If not (1106—No), processing returns to block 1100. This processing loop is repeated until the gallery is empty.

FIG. 12 illustrates an account administration interface 1200 to establish an ephemeral gallery that receives ephemeral messages from multiple users. Such a feature may be used to facilitate celebrity or organizational accounts where numerous authorized users are allowed to post on behalf of a single account. In one embodiment, a username, display name, contact email and contact phone are specified by an account administrator. An authorized accounts prompt 1202 allows the account administrator to add other users to the ephemeral gallery. For example, activation of the prompt 1202 may result in prompts for a username, display name, contact email and/or contact phone. Alternately, activation of the prompt 1202 may result in an interface of the type shown in FIG. 6 through which authorized accounts may be added. Similar interfaces may be used for specifying privacy settings, such as which accounts are authorized to receive images of an individual.

Although the embodiments described in FIGS. 3-12 depict the use of privacy protection concepts in the context of an ephemeral gallery, it is to be understood that other embodiments contemplate the application of the concepts in these figures to privacy protection in any communication protocols, including, e.g., chat, SMS, IM, other mobile, email, etc.

An embodiment of the present invention relates to a computer storage product with a non-transitory computer readable storage medium having computer code thereon for performing various computer-implemented operations. The media and computer code may be those specially designed and constructed for the purposes of the present invention, or they may be of the kind well known and available to those having skill in the computer software arts. Examples of computer-readable media include, but are not limited to: magnetic media, optical media, magneto-optical media and hardware devices that are specially configured to store and execute program code, such as application-specific integrated circuits (“ASICs”), programmable logic devices (“PLDs”) and ROM and RAM devices. Examples of computer code include machine code, such as produced by a compiler, and files containing higher-level code that are executed by a computer using an interpreter. For example, an embodiment of the invention may be implemented using JAVA®, C++, or other object-oriented programming language and development tools. Another embodiment of the invention may be implemented in hardwired circuitry in place of, or in combination with, machine-executable software instructions.

The foregoing description, for purposes of explanation, used specific nomenclature to provide a thorough understanding of the invention. However, it will be apparent to one skilled in the art that specific details are not required in order to practice the invention. Thus, the foregoing descriptions of specific embodiments of the invention are presented for purposes of illustration and description. They are not intended to be exhaustive or to limit the invention to the precise forms disclosed; obviously, many modifications and variations are possible in view of the above teachings. The embodiments were chosen and described in order to best explain the principles of the invention and its practical applications, they thereby enable others skilled in the art to best utilize the invention and various embodiments with various modifications as are suited to the particular use contemplated. It is intended that the following claims and their equivalents define the scope of the invention. 

The invention claimed is:
 1. A method executed by a computer, comprising: receiving a digital image from a client device; executing a facial recognition technique against an individual face within the digital image to obtain a recognized face; applying privacy rules to the digital image, wherein the privacy rules are associated with privacy settings for a user associated with the recognized face; and distributing a privacy protected version of the digital image, wherein the privacy protected version of the digital image has an altered image feature, and wherein the distribution of the privacy protected version of the digital image is limited by selectively blocking distribution of the digital image in accordance with the privacy rules.
 2. The method of claim 1, further comprising: adding, in response to executing the facial recognition technique, supplemental content to the digital image to form an enhanced digital image, wherein the applying and the distributing are performed with respect to the enhanced digital image.
 3. The method of claim 2, wherein the supplemental content is an advertisement.
 4. The method of claim 1, wherein the digital image is displayed for an ephemeral period of time.
 5. The method of claim 1, wherein the digital image is displayable for an ephemeral period of time.
 6. The of claim 1, wherein the digital image is distributed to an ephemeral gallery.
 7. The method of claim 6, wherein the ephemeral gallery includes a collection of ephemeral images available for an ephemeral period of time.
 8. The method of claim 1, wherein limiting distribution of the digital image includes limiting distribution of the digital image to members of a social network associated with the recognized face.
 9. The method of claim 1, wherein limiting distribution of the digital image includes soliciting permission from the user associated with the recognized face prior to distribution of the digital image.
 10. The method of claim 1, wherein the executing includes making network calls to a machine supplying facial recognition services.
 11. The method of claim 1, wherein the altered image feature is a blurred image of the recognized face.
 12. The method of claim 1, wherein the altered image feature is a block over the recognized face.
 13. The method of claim 12, wherein the block is selected from an emoticon, an icon and a brand.
 14. The method of claim 1, wherein the altered image feature is a block over the recognized face and a body associated with the recognized face.
 15. A system comprising: a processor; and a memory including instructions that, when executed by the processor, cause the processor to perform operations comprising: receiving a digital image from a client device; executing a facial recognition technique against an individual face within the digital image to obtain a recognized face; applying privacy rules to the digital image, wherein the privacy rules are associated with privacy settings for a user associated with the recognized face; and distributing a privacy protected version of the digital image, wherein the privacy protected version of the digital image has an altered image feature, and wherein the distribution of the privacy protected version of the digital image is limited by selectively blocking distribution of the digital image in accordance with the privacy rules.
 16. The system of claim 15, the operations further comprising: adding, in response to executing the facial recognition technique, supplemental content to the digital image to form an enhanced digital image, wherein the applying and the distributing are performed with respect to the enhanced digital image.
 17. The system of claim 16, wherein the supplemental content is an advertisement.
 18. The system of claim 15, wherein the digital image is displayed for an ephemeral period of time.
 19. The system of claim 15, wherein the digital image is distributed to an ephemeral gallery.
 20. A non-transitory computer-readable medium comprising instructions, which when executed by a computing device, cause the computing device to perform operations comprising: receiving a digital image from a client device; executing a facial recognition technique against an individual face within the digital image to obtain a recognized face; adding, in response to executing the facial recognition technique, supplemental content to the digital image to form an enhanced digital image, applying privacy rules to the enhanced digital image, wherein the privacy rules are associated with privacy settings for a user associated with the recognized face, and distributing a privacy protected version of the enhanced digital image, wherein the privacy protected version of the enhanced digital image has an altered image feature, and wherein the distribution of the privacy protected version of the enhanced digital image is limited by selectively blocking distribution of the enhanced digital image in accordance with the privacy rules. 